Privacy Policy

Privacy Policy

Effective as of July 2025

This Privacy Policy informs you about the nature, scope, and purpose of the processing of your personal data (hereinafter referred to as “data”) by us, as well as your related rights.

  1. Who is responsible for data processing and whom can I contact?

The entity responsible within the meaning of the General Data Protection Regulation (GDPR) is:

WSI Wealth Systems & Intelligent Capital Ltd
Georgiou Karaiskaki 11-13
Carisa Salonica, Office 102
7560 Larnaca
Cyprus
Email: info@wsi-capital.com
Website: https://wsi-capital.com/
Managing Director: Meikel Mokry

If you wish to object to the collection, processing, or use of your data under data protection laws, either in whole or with respect to individual measures, please direct your objection to the address stated above or by email to the email address provided above.

  1. On what legal basis do we process your data?
    Pursuant to Article 13 GDPR, we hereby inform you of the legal bases for our data processing below. If the legal basis is not expressly stated in this privacy policy, the following applies:

If you have given consent to the processing of your personal data, the legal basis is Article 6(1)(a) and Article 7 GDPR.
If the processing is necessary to perform our services and execute contractual measures or respond to inquiries, the legal basis is Article 6(1)(b) GDPR.
If processing is necessary to fulfill our legal obligations, the legal basis is Article 6(1)(c) GDPR.
If processing is necessary to protect our legitimate interests, the legal basis is Article 6(1)(f) GDPR.
If the processing of personal data is necessary to protect vital interests of the data subject or another natural person, Article 6(1)(d) GDPR serves as the legal basis.

If the processing is based on your consent, you may revoke this consent at any time with future effect. You can submit your revocation by post to the above address or by email to the above email address.

In the event that we disclose data to other persons or companies (processors or third parties) within the scope of our processing, transfer data to them, or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g., if data transfer to third parties such as payment service providers is necessary for contract fulfillment pursuant to Article 6(1)(b) GDPR), your consent, a legal obligation, or based on our legitimate interests (e.g., use of contractors, web hosting providers, etc. pursuant to Article 6(1)(c) GDPR).

If we commission third parties to process data, this is done pursuant to Article 28 GDPR (so-called “order processing”).

  1. What data is processed
    3.1 Contractual Services

We process the data of our contractual partners and prospects as well as other clients, customers, principals, or contractual partners (collectively referred to as “contractual partners”) pursuant to Article 6(1)(b) GDPR in order to provide our contractual or pre-contractual services. The data processed, its type, scope, purpose, and necessity are determined by the underlying contractual relationship.

The processed data include master data of our contractual partners (e.g., names and addresses), contact data (e.g., email addresses and telephone numbers), contractual data (e.g., services used, contract contents, contractual communication, names of contact persons), and payment data (e.g., bank details, payment history).

Depending on the payment method you choose, we forward your bank details to the appointed payment service provider for payment processing. Further information on individual payment service providers can be found under section 7 of this privacy policy. Moreover, we only transfer personal data to third parties if this is necessary within the scope of contract processing.

3.2 Registration on this Website
You may register on our website to use additional features on the site. The data entered for this purpose is used solely to enable the respective service or offer for which you have registered. The mandatory information requested during registration must be provided in full; otherwise, we will reject the registration.

For important changes, such as changes in the scope of the offer or necessary technical changes, we will use the email address provided during registration to inform you.

The processing of data entered during registration is based on your consent (Article 6(1)(a) GDPR). You may revoke your consent at any time. A simple email to us is sufficient. The legality of data processing prior to revocation remains unaffected.

Data collected during registration will be stored as long as you remain registered on our website and will be deleted thereafter. Statutory retention periods remain unaffected.

3.3 Cookies
We use cookies on our website to be able to assign requests and requirements to users. Cookies are small text files stored on your computer system. By using cookies, we are enabled to measure the frequency of page visits and general navigation. Please note that some of these cookies are transferred from our server to your computer system; these are usually so-called “session cookies.” “Session cookies” are characterized by the fact that they are automatically deleted from your hard drive at the end of the browser session. Other cookies remain on your computer system and enable us to recognize your computer system on your next visit (so-called persistent cookies).

This data processing is based on Article 6(1)(f) GDPR to protect our legitimate interests, such as preventing misuse and disruptions as well as optimizing our offerings. If the use of cookies is technically necessary to fulfill our contractual obligations, the legal basis is Article 6(1)(b) GDPR. In all other cases, the legal basis for processing your data is your declared consent (Article 6(1)(a) GDPR). You can revoke this consent at any time without giving reasons.

Opt-Out: If your browser allows, you can reject cookies at any time and thus object to the processing of your data through cookies. Please note that certain functions of this website may not be available or only partially available if your browser is set to reject cookies (from our website).

3.4 Hosting
The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage and database services, security services, as well as technical maintenance services, which we use for the operation of this online offering. For these purposes, we or our hosting provider process your data based on our legitimate interests in the efficient and secure provision of this online service pursuant to Article 6(1)(f) GDPR in conjunction with Article 28 GDPR (conclusion of a data processing agreement).

3.5 Collection of Access Data and Log Files
We, or our hosting provider, collect and store data about every access to the server hosting this service (so-called server log files) based on our legitimate interests pursuant to Article 6(1)(f) GDPR. Access data includes the date and time of access, name of the retrieved web page, amount of data transferred, message about successful retrieval, browser type and version, user’s operating system, previously visited page (so-called “referrer URL”), IP address, and requesting provider.

This information is necessary to correctly deliver the contents of our website, optimize the website content and advertising, ensure the permanent functionality of our IT systems and the technology of our website, and to provide law enforcement authorities with the necessary information for prosecution in the event of a cyberattack.

Log file information is stored by us for a maximum of 7 days and then deleted. Data whose further storage is necessary for evidential purposes are exempt from deletion until the respective incident is finally resolved and may be passed on to investigative authorities in individual cases.

3.6 Contact
When you contact us (e.g., via contact form, email, phone, or social media), your information is processed to handle and process your inquiry in accordance with Article 6(1)(b) GDPR in conjunction with your given consent.

We do not share this data without your consent. You may revoke your consent at any time without providing reasons. A simple notification by email to us is sufficient. The lawfulness of the data processing carried out prior to revocation remains unaffected.

The data will be deleted after your inquiry has been fully processed.

We do not share your data without your consent unless we are required to do so by law or official order.

  1. How secure is my data
    All data you provide to us is encrypted and transmitted using the SSL (Secure Socket Layer) protocol for security reasons. SSL is a proven and globally used encryption system that automatically encrypts your data before sending it to us. You can recognize a secure, encrypted connection by the browser address changing from “http://” to “https://” and by the lock symbol in your browser’s address bar.

Furthermore, we employ appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

  1. What rights do I have as a data subject?
    5.1 Access, Correction, Deletion, Restriction of Processing, Data Portability, Withdrawal, Complaint

You have the right at any time to:

Request access to the personal data we hold about you in accordance with Article 15 GDPR
Request correction of your data pursuant to Article 16 GDPR or deletion pursuant to Article 17 GDPR
Request restriction of processing of your data pursuant to Article 18 GDPR
Request data portability pursuant to Article 20 GDPR
File a complaint with a data protection supervisory authority pursuant to Article 77 GDPR.

Your responsible supervisory authority is the one at your place of residence. For Cyprus, this is:
Office of the Commissioner for Personal Data Protection
Iasonos 1, 1082 Nicosia, Cyprus
Phone: +357 22818456
Email: commissioner@dataprotection.gov.cy
Website: https://www.dataprotection.gov.cy

5.2 Right to Object
If your personal data is processed based on legitimate interests pursuant to Article 6(1)(f) GDPR, you have the right under Article 21 GDPR to object to the processing of your personal data for reasons arising from your particular situation or if the objection relates to direct marketing. In the latter case, you have a general right to object, which we must implement without requiring you to state a specific reason.

To exercise your right to object, a simple email to: info@wsi-capital.com is sufficient.

  1. How long is my data stored?
    The data we process is deleted or its processing restricted in accordance with Articles 17 and 18 GDPR. As soon as the data is no longer necessary for its purpose and no statutory retention obligations prevent deletion, the data stored with us will be deleted. If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. This means the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons. According to legal requirements in Cyprus, tax and commercial records must generally be retained for six years pursuant to applicable Cypriot tax and corporate law.

 

  1. Payment Service Providers
    We transfer your data to external payment service providers based on Article 6(1)(b) GDPR to fulfill our contractual obligations and service duties in the context of payment processing via their platforms.

The data processed by the payment service providers include your name, credit card details (card number, expiration date, security code, etc.). This information is necessary to carry out the transactions. However, the entered data are processed and stored exclusively by the payment service providers. This means we do not receive account or credit card-related information but only receive confirmation or rejection of the payment. In some cases, the payment service providers may transfer data to credit agencies. This transfer is for identity and creditworthiness verification. For more information, please refer to the terms and privacy policies of the respective payment service providers.

The terms and privacy policies of the respective payment service providers apply to payment transactions and are accessible on their respective websites or transaction applications. We also refer to these for further information and to exercise withdrawal, access, and other data subject rights.

  1. Links
    Our website contains links to websites of other providers (e.g., Instagram), which are not covered by this privacy policy. When you click on the embedded graphics, you will be redirected to the respective provider’s website, meaning user information is only transmitted to that provider at that point. Please refer to the respective provider’s privacy policies for information on how your personal data is handled when using these websites. If the use of websites of other providers involves the collection, processing, or use of personal data, please observe the respective providers’ privacy notices.